New standard for privacy control. (Was: Stripping code with Privoxy)

Michael_google gmail_Gersten keybounce at gmail.com
Sat Mar 10 17:35:19 UTC 2007


Here's a better idea.

Why do we make the assumption that a browser can trust everything it is given?

That's a serious question. Why do browsers not have an external
verification plug in?

Lets say we wanted to design such a browser extension. Lets be clear
here: This isn't an HTTP level change to the spec (transfer of html
docs), nor an HTML level change (description and layout). This is a UI
standard change. And as far as I know, there is no UI level standard
for HTML display agents. Nor, as far as I know, are there standards
for determining which of the documents referenced in an html file are
to be loaded, or not.

So lets say we wanted to design such a standard.

The first assumption: This verifier is a trusted extension. There may
be more than one of them -- there may be an organizational level
domain verifier, a machine specific administrative verifier, and a
user specific peronal change verifier.

These verifiers are given at least all of the following:
1. Each file downloaded as part of the page fetch/display system
2. Which page is requesting the usage/reference of this

And is expected to return the approved version of the file, which may be empty.

3. The final, complete document before any scripts are executed.
4. Each script that is going to be executed, before it is executed.
5. At each point where scripts generate new code to execute, after the
code is generated and before it is run, the new result is supplied. No
more document.write() generation of code on-the-fly.
6. Each attempt to read or modify a cookie.
7. Each attempt to access an external file or application.


*** This is serious ***.

We define such a standard. We submit it to the regular RFC process,
just like HTML/HTTP. And we modify Firefox to support it. We can count
on Opera to support this.

Just imagine being able to say "Supports the web privacy and security
standard", when internet explorer doesn't.

The scope / target of this standard is not HTML fetchers, programs
that, given a URL, retrieve that URL, and only that URL. The scope /
target is the next level up -- programs that fetch a full document,
including any referenced style pages, iframes, etc.

That means all user agents, "save link as" programs, etc.



More information about the tor-talk mailing list